Reference : Modeling Data Protection and Privacy: Application and Experience with GDPR
Scientific journals : Article
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/48170
English
Torre, Damiano [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV]
Alferez, Mauricio [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV]
Soltana, Ghanem [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Sabetzadeh, Mehrdad [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV]
Briand, Lionel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV]
In press
Software and Systems Modeling
Springer
Yes (verified by ORBilu)
International
1619-1366
1619-1374
Germany
[en] GDPR ; regulatory compliance
[en] In Europe and indeed worldwide, the General Data Protection Regulation (GDPR) provides protection to individuals regarding their personal data in the face of new technological developments. GDPR is widely viewed as the benchmark for data protection and privacy regulations that harmonizes data privacy laws across Europe. Although the GDPR is highly beneficial to individuals, it presents significant challenges for organizations monitoring or storing personal information. Since there is currently no automated solution with broad industrial applicability, organizations have no choice but to carry out expensive manual audits to ensure GDPR compliance. In this paper, we present a complete GDPR UML model as a first step towards designing automated methods for checking GDPR compliance. Given that the practical application of the GDPR is influenced by national laws of the EU Member States, we suggest a two-tiered description of the GDPR, generic and specialized. In this paper, we provide (1) the GDPR conceptual model we developed with complete traceability from its classes to the GDPR, (2) a glossary to help understand the model, (3) the plain-English description of 35 compliance rules derived from GDPR along with their encoding in OCL, and (4) the set of 20 variation points derived from GDPR to specialize the generic model. We further present the challenges we faced in our modeling endeavor, the lessons we learned from it, and future directions for research.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
Fonds National de la Recherche - FnR
IMOREF
Researchers ; Professionals

File(s) associated to this reference

Fulltext file(s):

File | Commentary | Version | Size | Access
Modeling_Data_Protection_and_Privacy__Application_and_Experiencewith_GDPR.pdf | | Author preprint | 1.17 MB | Open access


All documents in ORBilu are protected by a user license.